---
title: "Incident report for June 22"
publishedAt: "2024-06-22"
summary: ""
tag: "Security"
---

On June 22nd, we got notified by [Lunchcat](https://lunchcat.dev) that users' email addresses and names could be accessed through our API.

<br />
We have addressed the issue and revised our security policy accordingly.
<br />
We deeply apologize for any impact this incident may have had on our users. Our commitment
to transparency and prevention remains steadfast. Below is a summary of what occurred,
how we resolved the issue, and the measures we are implementing to prevent future
occurrences.

<br />
### Incident timeline

- On June 22nd, at 3:01 PM, we got notified about the issue.
- On June 22nd, at 3:44 PM, we identified the issue.
- On June 22nd, at 3:49 PM, we resolved the issue.

<br />
### How this affects you

No user action is required to continue safely. <br />
Accessed: User email and name.

<br />
### Actions and remediations

These are the preventative measures that we have **already taken**:

- Fixed our misconfigured access policy

<br />
These are the preventative measures that we will be taking **immediately**:

- Improving monitoring and alerting

<br />
### Conclusion

We sincerely apologize to everyone affected by this incident, and we appreciate your understanding.

Please reach out to us at support@midday.ai if you have any questions.
